Authenticate email address?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
The_Anomaly
Forum Contributor
Posts: 196
Joined: Fri Aug 08, 2008 4:56 pm
Location: Tirana, Albania

Authenticate email address?

Post by The_Anomaly »

Hey guys,

This seems so terribly easy, I feel ashamed to bring it to the forum. However, I was wondering what the best way of doing this would be.

In my current project, which is basically an intranet for a company, users can send email to an address with a certain note they'd like to submit. Every time someone goes to the admin page, these emails are all parsed and inserted into the database. However, I only want two email addresses to be allowed.

Here's my problem. So, I could easily create an array of these emails and then use in_array() or something similar. The problem with this is that the "From" field is often formatted in the following matter: "Joe Bloggs <joebloggs@mail.com>". So, checking against a list that contains joeblogs@mail.com would not work.

So, why not use some string search function like strstr()? Since the name in the from field is user defined, I could easily see a cracker using the following email address to get past this security measure: "joeblogs@mail.com <imahacker@twistedmorons.com>". This would easily pass the strstr command.

So, I'm stuck. Basically, is there any secure way to authenticate an email address?
cptnwinky
Forum Commoner
Posts: 84
Joined: Sat Dec 27, 2008 10:58 am
Location: Williamstown, MA

Re: Authenticate email address?

Post by cptnwinky »

You could use a regular expression (albeit a complicated one) to match and check either form of email address. Alternatively if I understand you correctly you could just create a dropdown box with only the two emails you will allow as choices.
User avatar
novice4eva
Forum Contributor
Posts: 327
Joined: Thu Mar 29, 2007 3:48 am
Location: Nepal

Re: Authenticate email address?

Post by novice4eva »

I bet there is one for the email too....but this was a very interesting topic by matthijs about using filters
viewtopic.php?f=34&t=92052&p=503956#p503956
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Re: Authenticate email address?

Post by Ambush Commander »

The trouble is that even the From header can be spoofed, so it really can't be trusted.
Post Reply